JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 5,000+ companies that already depend on JFrog to manage binaries for their mission-critical applications.
Gal Marder is the vice president of global DevOps acceleration and has worked with numerous development teams at some of the world’s largest companies. Even as security becomes embedded within DevOps platforms and development processes under the umbrella of DevSecOps, many organizations are still failing to embed a security mindset within all stages of the software development lifecycle.
Gal has some interesting insights on the ongoing changes in how companies are integrating security within DevOps practices, including:
Security must be iterative. Security must mimic software development and become an interactive process. Gone are the days when the security team conducts an exhaustive review and audit of software code after the application development is completed. The better approach is to incorporate security at every stage of the development process.
Patch fast or die. As software release schedules have accelerated to a daily event, the potential for software vulnerabilities has also increased. Rather than viewing this as a problem, security teams should view this as an opportunity to match the rapid pace of software development with the rapid identification and fixing of these vulnerabilities.
Ignore software licenses at your own peril. 80% of software is built using open source components, yet many developers fail to understand the rules before embedding them within their software.